
Random Opinions, Expert Opinions, and Facts about AppArmor

My previous post titled AppArmor is Dead [1] has inspired a number of reactions. Some of them have been unsubstantiated opinions; everyone has an opinion, so this doesn’t mean much. I believe that the opinions of experts matter more. Crispin responded to my post and made some reasonable points [2] (although I believe that he is overstating the ease of use case). I take Crispin’s response a lot more seriously than most of the responses because of his significant experience in commercial computer security work. The opinion of someone who has relevant experience in the field in question matters a lot more than the opinion of random computer users!

Finally there is the issue of facts. Of the people who don’t agree with me, Crispin seems to be the first to acknowledge that Novell laying off AppArmor developers and adding SE Linux support are both bad signs for AppArmor. The fact that Red Hat and Tresys have been assigning more people to SE Linux development in the same time period that SUSE has been laying people off AppArmor development seems to be a clear indication of the way that things are going.

One thing that Crispin and I understand is the amount of work involved in maintaining a security system. You can’t just develop something and throw it to the distributions. There is ongoing work required in tracking kernel code changes, and when there is application support there is also a need to track changes to application code (and replacements of system programs). There is also a need to add new features. Currently the most significant new feature development in SE Linux is related to X access controls. This is something that every security system for Linux needs to do (currently none of them do it), because without it every X client connected to the same server can read and inject events for every other window. It’s a huge amount of work, but the end result will be that compromising one X client that is running on your desktop will not automatically grant access to all the other windows.

It seems to me that the most important thing is to have an active community. Have a primary web site (maybe hosted by Novell, maybe SourceForge or something else) that is accurate and current. Have people giving talks about AppArmor at conferences to promote it to developers. Then try to do something to get some buzz about the technology; my SE Linux Play Machines inspired a lot of interest in the SE Linux technology [10]. If something similar were done with AppArmor then it would get some interest.

I’m not interested in killing AppArmor (I suspect that Crispin’s insinuations were aimed at others). If my posts on this topic inspire more work on AppArmor and Linux security in general then I’m happy. As Crispin notes, the real enemy is his employer (he doesn’t quite say that, but it’s my interpretation of his post).

I’m not really sure if I like the last part of his blog entry, where he says “If AppArmor does die, then in some sense it just makes my job here of enhancing the Windows security value proposition vs. Linux that much easier.” and reiterates “So go ahead, make my day: ignore the popularity of AppArmor in the user community, keep blocking AppArmor from inclusion in Linus’ kernel. If all I have to do is make Windows security easier and more effective to deploy than SELinux, then my job is practically done for me.”. It seems to show some kind of resentment there.

I don’t have a clue on whether SELinux is better or worse than AppArmor, but these sentences somehow tell me that his answer might include some quite intense emotional content, and that is something that can usually taint the way someone thinks. I’m not doubting that he might have his reasons to think what he does, but I do have the feeling that if things were not really as he thinks, he might not be noticing or acknowledging them. I’m just a random computer user, I know, but I know enough of human nature to see some things :)

Miriam: I agree that his post didn’t have the most positive tone. But you have to keep in mind the fact that AppArmor is his creation, and even though he is now competing with it (after leaving Novell in a way that probably didn’t make him happy) he still has some attachment to the project. Some level of resentment is understandable.

Look at the latest development snapshots, it is still going at a good rate. Crispin is still listed as head developer, because if it is a community effort, perhaps he still has something to do with it as a community member.

You have given a very one-sided, Michael Moore-ish view, leaving out a lot of relevant info. Ubuntu for example has AppArmor enabled by default, perhaps they will start to pick up development, or already contribute.

I myself use RSBAC, as I think it is superior to both offerings, and would like to see it get more press and attention like it deserves.

James: Claiming that an MS employee who is working on a project that is actively competing with AppArmor is still the “head developer” of AppArmor while also claiming that AppArmor is a live project is not a well formed argument. It’s a desperate attempt to try and find evidence that supports what you want to believe.

If you want to talk about credibility, how about providing some information on the relevant work you have done. As I noted in the first paragraph of this post, unsubstantiated opinions of people who have no relevant experience don’t mean much to me.

I don’t use AppArmor, and don’t have any reason to hope it is not dead, the evidence simply does not support that, only the selective evidence you tried to show implied it.

I have spent almost 10 years working with these systems, and did a dissertation on the differences between them at Monash. I really don’t feel I have to prove anything to you, if you cannot hold an argument, or support your claims with non-biased evidence.

What have you done that makes you such an authority, apart from having an SELinux play machine?

James: Please provide the URL for your dissertation, I would like to read it.

If you want to find out what I have done then ask Google.

It seems very strange to me that an anonymous commentator on my blog expects their comments (and comments of other anonymous people) to be given the same weight as comments and posts by people such as the PaX developers and Crispin.

Note that on the net anyone can claim to have a university degree. Merely claiming to have years of relevant experience is easy and proves nothing.

As for whether you have to prove anything to me, 9 blog comments is rather a lot, so you seem to be trying hard.